Home/ Questions/Q 6909927
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T08:45:03+00:00

We are using a html embedded object as given below. We are trying to

  • 0

We are using a html embedded object as given below. We are trying to find the referrer on server side from the request. But in Safari browser referrer is not setting. Is there a way we can pass referrer explicitly in this scenario?

<object id=\"\" codebase=\"http://www.sample.com/qtactivex/qtplugin.cab#version=7,3,0,0\" width=\"848\" height=\"480\" classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" class=\" quicktime\"><param value=\""+videoURL+"\" name=\"src\"><param value=\"transparent\" name=\"wmode\"><param value=\"false\" name=\"showlogo\"><param value=\"tofit\" name=\"scale\"><param value=\"true\" name=\"saveembedtags\"><param value=\"true\" name=\"postdomevents\"><embed src=\""+videoURL+"\" type=\"video/quicktime\" wmode=\"transparent\" postdomevents=\"true\" controller=\"true\" showlogo=\"false\" scale=\"tofit\" width=\"848\" height=\"480\" airplay=\"allow\" posterframe=\"http://sample.com/global/elements/quicktime/qt_endstate848x480.jpg\" autostart=\"true\" cache=\"true\" bgcolor=\"white\" aggressivecleanup=\"false\" style=\"width: 848px; height: 480px; \"><param value=\"true\" name=\"controller\"><param value=\"http://sample.com/global/elements/quicktime/qt_endstate848x480.jpg\" name=\"posterframe\"><param value=\"false\" name=\"showlogo\"><param value=\"true\" name=\"autostart\"><param value=\"true\" name=\"cache\"><param value=\"white\" name=\"bgcolor\"><param value=\"false\" name=\"aggressivecleanup\"></object>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can access the referrer in Javascript using document.referrer, though my understanding is that it would be a mistake to rely on it. I’m not sure this is what you’re looking for, though – this would give you the previous page the user was on, whereas when the server receives the request for the video I assume you want the current page, which is available as location.href. You could add this as a querystring parameter to the video URL to pass it to the server.

    But I’m guessing that you’re trying to restrict the content of the video to only be shown on a particular site. In this case, passing the referrer explicitly through a querystring is going to be insufficient, because it’s too easy to spoof. In that case, you might be better off using some sort of token-based verification. You might be able to use this technique for avoiding cross-site request forgeries, which relies on checking a site-specific cookie against a parameter that’s passed to the server.

    • 0